35634 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass
Summary Node.js is used by IBM App Connect Enterprise Certified Container for running integration code. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability in Node.js...
Security Bulletin: Vulnerabilities in Expat (AKA libexpat) affect IBM Storage Protect for Virtual Environments: Data Protection for VMware (CVE-2022-23852, CVE-2022-23990)
Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by vulnerabilities in the Expat library. The vulnerabilities can lead to execution of arbitrary code, as described by the CVEs in the "Vulnerability Details" section. The vulnerabilities have been...
Security Bulletin: IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments are vulnerable to confidentiality impact, availability impact, integrity impact, and arbitrary code execution due to multiple CVEs in IBM Java
Summary IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments are affected by multiple vulnerabilities in IBM Java: CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597. The vulnerabiltie...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Apache MINA SSHD (CVE-2023-35887)
Summary Apache MINA SSHD is shipped with IBM Tivoli Netcool Impact as part of the Command Line Manager service. Information about a security vulnerability affecting Apache MINA SSHD has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-35887 DESCRIPTION: Apache MINA SSHD...
Security Bulletin: IBM Operational Decision Manager September 2023 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-2253...
Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI
Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details CVEID:CVE-2022-43441 DESCRIPTION: Ghost node-sqlite3 could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
Security Bulletin: Vulnerability in IBM Java affects DB2 Recovery Expert for Linux, Unix and Windows
Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of...
Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities (CVE-2023-21939, CVE-2023-21967, CVE-2022-29117, XFID: 234366)
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF19 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.19.0 CVE-2023-21939, CVE-2023-21967. The following 3rd party components used...
Security Bulletin: Vulnerability found in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-46363)
Summary Vulnerability have been identified in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Vulnerabilities found in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center(CVE-2019-10202, CVE-2019-10172)
Summary Multiple vulnerabilities have been identified in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerabilit...
Security Bulletin: CVE-2022-40609 may affect Java Technology Edition used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary CVE-2022-40609 vulnerability in Java Technology Edition could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw by sending specially-crafted data. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Editi...
Security Bulletin: IBM Security Verify Information Queue has multiple information exposure vulnerabilities (CVE-2023-33833, CVE-2023-33834, CVE-2023-33835)
Summary IBM Security Verify Information Queue ISIQ v10.0.6 has remediated several vulnerabilities in which internal product details were being disclosed that could be exploited for harmful attacks. Vulnerability Details CVEID:CVE-2023-33835 DESCRIPTION: IBM Security Verify Information Queue could...
Security Bulletin: IBM TRIRIGA Application Platform discloses denial of service (CVE-2022-31129)
Summary Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is...
Security Bulletin: IBM Security Directory Suite has multiple vulnerabilities [CVE-2022-33163 and CVE-2022-33168]
Summary The following vulnerabilties in IBM Security Directory Suite have been addressed. Please apply the fixes shown below. CVE-2022-33163 and CVE-2022-33168 Vulnerability Details CVEID:CVE-2022-33163 DESCRIPTION: IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critic...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2023-28530, XFID: 212233, CVE-2022-24999, CVE-2023-28530, CVE-2023-25929)
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.4 FP2. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP7. Denial of Service DOS vulnerabilities have been addressed in Netplex json-smart-v2 CVE-2023-1370 , node.js d3-colo...
Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in netplex json-smart-v2 (CVE-2023-1370)
Summary A denial of service vulnerability in netplex json-smart-v2 used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager Virtual Appliance
Summary Multiple security vulnerabilities for open source components used in IBM Security Verify Governance, Identity Manager - Virtual Appliance component have been addressed. Vulnerability Details CVEID:CVE-2020-7729 DESCRIPTION: Node.js grunt module could allow a remote authenticated attacker ...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management (CVE-2022-1280, CVE-2023-0386, CVE-2022-4269, CVE-2022-2873, CVE-2022-4378)
Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include gaining elevated privileges, obtaining sensitive information, causing the system to crash, and denial of service attack, as described by the CVEs in the "Vulnerability Details"...
Security Bulletin: Pallets Flask is vulnerable to CVE-2023-30861 used in IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Pallets Flask which is vulnerable to CVE-2023-30861 Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by missing Vary: Cookie header. By sending a specially crafted...
Security Bulletin: IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities
Summary IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that can cause clients to be redirected by an aggregated API server SSRF CVE-2022-3172 Vulnerability Details CVEID: CVE-2022-3172 Description: Kubernetes kube-apiserver is vulnerable to...
Security Bulletin: Multiple Vulnerabilities (CVE-2023-24998, CVE-2023-1436) affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
Summary Multiple Vulnerabilities CVE-2023-24998, CVE-2023-1436 affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. This fix resolves these vulnerabilities. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are...
Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)
Summary IBM WebSphere Application Server is vulnerable to cross site scripting in the Admin Console. This has been addressed in the remediation section below. Vulnerability Details CVEID:CVE-2023-24966 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This...
Security Bulletin: CVE-2023-24998 may affect IBM CICS TX Advanced
Summary CVE-2023-24998 may affect IBM WebSphere Application Server Liberty supplied with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service,...
Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Networking Switch products (CVE-2016-2183)
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM BladeCenter Networking Switch products. The IBM BladeCenter Networking Switch products below have addressed the applicable CVE. Vulnerability Details Summary OpenSSL...
Security Bulletin: IBM System Networking Products not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)
Summary IBM System Networking Products are not vulnerable to the Bash vulnerabilities that have been referred to as Bash Bug or Shellshock and the two memory corruption vulnerabilities. Vulnerability Details Abstract IBM System Networking Products are not vulnerable to the Bash vulnerabilitie...
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter
Summary The switch firmware deliverables listed below have addressed the applicable NTP CVEs. Vulnerability Details Summary The switch firmware deliverables listed below have addressed the applicable NTP CVEs. Vulnerability Details: CVE-ID: CVE-2014-9750 Description: NTP NTPd could allow a remote...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in MIT krb5 (CVE-2022-42898).
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in MIT krb5 caused by an integer overflow in PAC parsing in the krb5parsepac function CVE-2022-42898. MIT krb5 is included as part of the Base OS used by our service images. Please read th...
Security Bulletin: Multiple vulnerabilities in VMware ESXi affect IBM Cloud Pak System
Summary Vulnerabilities identified in VMware ESXi bundled with Cloud Pak System. Cloud Pak Systen has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2022-28693 DESCRIPTION: Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by unprotect...
Security Bulletin: Vulnerability in gson-2.8.0.jar affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)(CVE-2022-25647).
Summary The gson-2.8.0.jar package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVECVE-2022-25647 Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserializatio...
Security Bulletin: OpenSLP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerability is CVE-2019-5544...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in Apache Tomcat affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183
Summary There are vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS2900 (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects TS2900. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPO...
Security Bulletin: WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability
Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is vulnerable to a remote code execution vulnerability. Vulnerability Details CVEID:CVE-2023-23477 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execu...
Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023
Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF018 and 22.0.2-IF002. Vulnerability Details CVEID:CVE-2022-38749 DESCRIPTION: SnakeYAML is vulnerable to a denial of servic...
Security Bulletin: server-side request forgery vulnerability in Apache CXF (CVE-2022-46364) may affect CICS TX Standard
Summary CICS TX Standard has addressed a vulnerability in Apache CXF CVE-2022-46364. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a...
Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. (CVE-2022-43902)
Summary An issue was identified within the IBM MQ Server component that would allow an authenticated attacker with sufficient MQ permissions to send MQSC or PCF commands to execute a denial of service attack by sending specially crafted payload. Vulnerability Details CVEID:CVE-2022-43902...
Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479. An exploit of these vulnerabilities could allow a remote attacker to cause a denial of service condition. Vulnerability...
Security Bulletin: Multiple CVEs affect IBM Integration Designer
Summary Multiple vulnerabilities found in 3rd party software used by IBM Integration Designer. IBM Integration Designer has addressed the multiple CVEs. Vulnerability Details CVEID:CVE-2020-36181 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on th...
Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearQuest (CVE-2022-21626)
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in October 2022. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.
Summary Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring. Vulnerability Details CVEID:CVE-2022-22739 DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by missing throttling on external protocol...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to FasterXML jackson-databind denial of service (CVE-2022-42003)
Summary Potential vulnerabilities in FasterXML jackson-databind which is caused by a lack of a check in the primitive value deserializers when the UNWRAPSINGLEVALUEARRAYS feature is enabled CVE-2022-42003 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer t...
Security Bulletin: Rational Test Automation Server is vulnerable to Allocation of resources without limits vulnerability due to Keycloak (CVE-2021-3637)
Summary Vulnerability related to allocation of resources without limits associated with the Keycloak versions before 14.0.0 impacts Rational Test Automation Server. Vulnerability Details CVEID:CVE-2021-3637 DESCRIPTION: Keycloak is vulnerable to a denial of service, caused by a flaw in the...
Security Bulletin: The Java version bundled with IBM Cognos Express is susceptible to unspecified vulnerabilities in the Java Runtime Environment (JRE) (CVE-2012-0498 and CVE-2012-5081)
Summary The version of Java included with IBM Cognos Express has a reported vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D CVE-2012-0498 and allows remote attackers to affect availability CVE-2012-5081...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to HTTP request smuggling due to CVE-2022-32215
Summary Node.js is used by all IBM App Connect Enterprise Certified Container operands. IBM App Connect Enterprise Certified Container operands may be vulnerable to HTTP request smuggling. This bulletin provides patch information to address the reported vulnerability CVE-2022-32215 in Node.js...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2017-0663 and loss of confidentiality due to CVE-2017-7375
Summary Libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the operand images as part of the base operating system. Use of libxml2 within IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution and loss of...
Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway
Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-34903 DESCRIPTION: GnuPG could allow a remote attacker to conduct spoofing attacks, caused by a flaw when processing secret-key information from keyring. By sending a...
Security Bulletin: IBM Robotic Process Automation is allows weak passwords priort to 21.0.3 (CVE-2022-35280)
Summary Prior to version 21.0.3 IBM Robotic Process Automation allowed weak passwords that may make it easier for attackers to compromise accounts. As of release 21.0.3 IBM Robotic Process Automation enforces strong passwords. Vulnerability Details CVEID:CVE-2022-35280 DESCRIPTION: IBM Robotic...